0

I am using ansible-napalm and trying to write a simple playbook to pull facts from network devices. I want to encrypt the passwords with ansible-vault, however regardless of what I try I keep getting the error: Vault format unhexlify error: Odd-length string

I initially was trying this in bash under the Windows subsystem for Linux and I thought this may be the issue so I recreated everything on a centos VM and still run into the same issue.

I have tried using encrypt-string to embed the encrypted pw directly into the playbook. I have also tried encrypting the file and calling the variable. Both methods give the same error.

I found this issue: Ansible-vault errors with "Odd-length string" And I thought the issue was to do with CRLF line terminators so I sorted that and made sure all files were ASCII text but this still gives the same errors.

My code is below, any help would be majorly appreciated because I am pulling my hair out!

---

- name: napalm_facts
  hosts: all
  connection: local
  gather_facts: no

  tasks:
    - name: get facts from device
      napalm_get_facts:
        hostname: "{{ ansible_host }}"
        username:  'admin'
        password: "{{ napalm_password }}"
        dev_os: 'ios'
      register: result

    - name: print results
      debug: msg="{{ result }}"

I've tried the below methods, for reference.

ansible-vault encrypt vars/vaultpw.yml

ansible-vault encrypt_string password123 --ask-vault-pass
fraserc182
  • 237
  • 1
  • 4
  • 13
  • Have you considered using their "inline" style, [as described here](https://docs.ansible.com/ansible/2.8/user_guide/vault.html#use-encrypt-string-to-create-encrypted-variables-to-embed-in-yaml)? Another advantage of the inline style is that it offers the playbook reader an idea of what variables are defined therein, which `ansible-vault encrypt vars/the_whole_file.yml` does not – mdaniel Sep 26 '19 at 16:07
  • Also, can you reproduce your error using, quite literally, `password123` as you have posted in your question? I will help us understand exactly what circumstances you are getting that error – mdaniel Sep 26 '19 at 16:08
  • So I tried to literally use `password123` as you suggested and I get the following error. `fatal: [Test_Lab_Switch]: FAILED! => {"msg": "Unable to pass options to module, they must be JSON serializable` I think this is something different however, so I will try to solve this error and post an update. – fraserc182 Sep 26 '19 at 18:12
  • So I managed to get a bit further. I can now run the playbook and it fails with the following error. `cannot connect to device: Authentication failure: unable to connect cisco_ios x.x.x.x:22\nAuthentication failed` Running with -vvv gives the following output: `"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"` – fraserc182 Sep 26 '19 at 20:14

1 Answers1

0

I managed to get this sorted by taking suggestions from this thread: Inline encrypted variable not JSON serializable Thanks for the reply at first, it put me on the right path with getting this sorted.

fraserc182
  • 237
  • 1
  • 4
  • 13